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DETAILED ACTION 

1. Applicant's response filed on July 12, 2006 has been carefully considered. 
Claims 1-12, 14, 16-18. 20, 22-39 are pending. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner In which the invention was made. 

3. Claims 1-12, 14, 16-18, 20, 22-39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Anand et al. (U.S. Patent No. 6,141,705), hereinafter "Anand", 
in view of Freed et al. (US Pub. No. 2003/0014623 Al), hereinafter Treed". 

Referring to claim 1 : 

i. Anand teaches: 

A method of performing security processing in a computing network 
comprising a local unit having an operating system kernel executing at least one 
application program, comprising: 

receiving a first request at the operating system kernel from the 
application program to initiate a communication with a remote unit (see figure 3, 
element 140 'application data*; and column 10, lines 27-47 of Anand); 

providing a second request from the operating system kernel to a 
security offload component which performs security handshake processing, the second 
request directing the security offload component to secure the communication with the 
remote unit (see e.g. figure 3, element 128 'transport protocol driver, e.g. TCP/IP'; and 
column 10, lines 27-47 of Anand); and 
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providing a control function in the operating system kernel for 
initiating operation of the security handshake processing by the security offload 
component (see figure 3. element 100 'NIC hardware, e.g. ethernet'; and column 10, 
lines 27-47 of Anand). 

Anand further discloses that "rather than perform certain of the 
CPU intensive operations on the data packet as it passes through the respective 
network layers-e.g. checksum calculation/verification, encryption/decryption, message 
digest calculation and TCP segmentation-those tasks can instead be offloaded and 
performed at the NIC hardware." (see column 3, lines 39-44 of Anand) 

However, Anand does not specifically mention the security 
handshake processing among the tasks performed by the offload component. 

ii. Freed discloses a method for secure communications between a 
client and a server. The method includes the steps of managing a communication 
negotiation between the client and the server wherein Freed discloses "Besides 
authenticating the server to the client, the SSL Handshake Protocol: allows the client 
and server to negotiate the cipher suite to be used; allows the client and the server to 
generate symmetric session keys : and establishes the encrypted SSL connection . 
Once the key exchange is complete, the client and the server use this session key to 
encrypt all communication between them." (see page 1, paragraph [0008], lines 1-7 of 
Anand, emphasis added) 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Freed into the systerti of 
Anand to offload the security handshake processing to the offload component. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Freed into the system of Anand to offload the security 
handshake processing to the offload component, because "As such, there is an 
advantage in offloading such CPU intensive task to a peripheral hardware device. This 
would reduce processor utilization and memory bandwidth usage in the host computer, 
and thereby increase the efficiency, speed and throughput of the overall system." (see 
column 2, lines 48-52 of Anand) 
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Referring to claim 2 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose executing the provided control function, thereby initiating 
operation of the security handshake processing (see column 10, lines 27-47 of Anand). 

Referring to claim 3 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose that the operating system Kernel maintains control over 
operation of the security handshake processing (see column 10, lines 27-47 of Anand). 

Referring to claims 4. 7 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which periderms security handshake, and a control (see claim 1 
above). They further disclose that kernel does not participate in operation of the 
security handshake processing (see page 3, paragraph [0034], lines 14-18 of Freed). 

Referring to claim 5 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose specifying information to be used by the security offload 
component (see figure 4, element 150 Vpacket extension'; and column 11, lines 8-27 of 
Anand). 

Referring to claims 6. 8 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the specified information comprises one or more of: a 
connection identifier; a security role; cipher suites options, etc. (see page 1, paragraphs 
[0008], [0010] of Freed). 

Referring to claims 9. 30 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
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above). They further disclose the completion response from offload component (see 
page 5, paragraph [0066] of Freed). 

Referring to claims 10. 31-32 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the conveyed information comprises one or more of: a 
session identifier, one or more session keys, a sequence number, a cipher suite, etc. 
(see page 1, paragraphs [0008], [0010] of Freed). 

Referring to claim 1 1 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose that the operating system kernel maintains control over 
operation of the security handshake processing, and wherein the operating system 
kernel provides one or more message segments (see e.g. figure 7, element 237 'Neg. 
With SSL AD' of Freed). 

Referring to claims 12. 14 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the random number generation when creating initial 
handshake message (see page 4, paragraph [0052] of Freed). 

Referring to claims 16-17 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the certificate and decoding (see page 1, paragraph 
[0009] of Freed). 

Referring to claim 18 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the encryption (see page 1 , paragraph [0009] of Freed). 

Referring to claim 20 : 
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Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the master secret (see page 1, paragraph [0009] of 
Freed). 

Referring to claims 22-23 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the master security secrets and the session cryptography 
keys (see page 1, paragraphs [0008] - [0009] of Freed). 
Referring to claim 24 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the digitally signing (see page 5, paragraph [0054] of 
Freed). 

Referring to claim 25 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose validating a digital certificate (see page 1, paragraph 
[0009], lines 1-8 of Freed). 

Referring to claims 26-29 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose the message authentication code ("MAC") (see page 1, 
paragraph [0009], last 8 lines of Freed). 
Referring to claim 36 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose preparing the data packet, reserving space in the data 
packet, and passing the data packet to the offload component (see figure 4, element 
142 'network packet'; and column 3, lines 39-44 of Anand). 
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Referring to claims 37-38 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose passing control information from the operating system 
kernel to the security offload component (see column 4, lines 9-12 of Anand). 
Referring to claim 39 : 

Anand and Freed teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control (see claim 1 
above). They further disclose encrypting the data in the data packet (see column 9, 
lines 49-50 of Anand). 

Referring to claims 33-35 : 

i. Anand teaches: 

A method of performing security processing in a computing network 
including a local unit having an operating system kernel executing at least one 
application program, comprising: 

providing a security offload component which performs security 
session establishment and control processing (see figure 3, element 100 'nic hardware'; 
column 3, lines 31-44 of Anand); 

providing a control function in the operating system kernel for 
initiating operation of the security session establishment and control processing by the 
security offload component (see column 3, lines 9-23, lines 61-65; and column 4, lines 
9-12 of Anand); 

receiving a request at the operating system kernel from the 
application program to initiate a communication with a remote unit (see figure 3, 
element 140 'application data' of Anand); and 

directing the security offload component to secure the 
communication with the remote unit in response to the request (see column 10. lines 
27-47 of Anand). 

Anand discloses that "rather than perform certain of the CPU 
intensive operations on the data packet as it passes through the respective network 
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layers-e.g. checksum calculation/verification, encryption/decryption, message digest 
calculation and TCP segmentation-those tasks can instead be offloaded and performed 
at the NIC hardware." (see column 3, lines 39-44 of Anand) 

However, Anand does not specifically mention the security session 
establishment among the tasks performed by the offload component. 

ii. Freed discloses a method for secure communications between a 
client and a server. The method includes the steps of managing a communication 
negotiation between the client and the server wherein Freed discloses "Besides 
authenticating the server to the client, the SSL Handshake Protocol: allows the client 
and server to negotiate the cipher suite to be used; allows the client and the server to 
generate symmetric session kevs : and establishes the encn/pted SSL connection . 
Once the key exchange is complete, the client and the server use this session key to 
encrypt all communication between them." (see page 1, paragraph [0008], lines 1-7 of 
Anand, emphasis added) 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Freed into the system of 
Anand to offload the security session establishment to the offload component. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Freed into the system of Anand to offload the security session 
establishment to the offload component, because "As such, there is an advantage in 
offloading such CPU intensive task to a peripheral hardware device. This would reduce 
processor utilization and memory bandwidth usage in the host computer, and thereby 
increase the efficiency, speed and throughput of the overall system." (see column 2. 
lines 48-52 of Anand) 

Response to Arguments 

4. Applicants arguments filed on July 12, 2006 have been fully considered 
and are persuasive. Therefore, the rejection has been withdrawn. However, upon 
further consideration, a new ground(s) of rejection is made. 
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Conclusion 



5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Joseph Pan whose telephone number is 571-272- 
5987. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571- 
273-6300. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



Joseph Pan 
September 1, 2006 
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